Facebook Cancels Shortcut Over Concern for Security
Executive Summary
Facebook created a new shortcut that gave anyone who had it access to the web link owner's Facebook page and email address. Facebook emailed its users a web link that bypassed the login page and gave the user direct access to their Facebook page. The web links were never meant to be publicly available, but attackers were able to find them on the web. Facebook claims the links could have leaked because users posted them on the web, allowing anyone to search for them. Facebook has since discontinued the web link after finding the security flaw.
This security flaw was exposed a week after a Bulgarian blogger bought 1.1 million Facebook email addresses and usernames on the web for five dollars and posted the information on the web. Facebook denies that the two events are connected.
Analysis:
This security flaw is another example of the weakest link theory: any type of technological security is only as strong as its weakest link. In many security breaches, humans have been shown to be the weakest link because humans are more likely to be compromised by attacks than other security measures. According to Facebook, the security breach was caused by users posting their links on the web without thinking of the consequences of the action. All the security measures that Facebook followed to protect the email information were rendered worthless when users posted the web links on the web, allowing any attacker to search for a web link and gain unauthorized access to Facebook pages and email accounts.